Npm isnt horrible for that.

I maintain giant playlists for each user. Generally just shuffle whoever’s listening.

I’ll look at those ASAP, super hopeful

I tried nc it for a while I would have taken me till the end of days to import all of my files.

I suspect I could keep it running by doing lockstep backups and updates. But it was just so incredibly slow.

I just want something that would give me remote access to my files with meta information about my files and a good search index.

It really wasn’t all that complicated for me. Install the client on two devices set a share up on one device go to the other device Hit add device put the share ID in. Go back to the first devices admin and say allow the share

The box you’re hosting on only needs internet access to connect the tunnel. Cloudflare terminates that SSL connection right in a piece of software on your web server.

Oh yeah, I totally get the allure of containers. I use them myself just not in production.

To be fair, python and node both suffer from the same kind of worries. And stuff gets slipped into those repos not too infrequently.

You need to have a rather capable router / firewall combo.

You could pick up a ubiquity USG. Or set up something with an isp router and a PF sense firewall.

You need to have separate networks in your house. And the ability to set firewall rules between the networks.

The network that contains the hosting box needs to have absolutely no access to anything else in your house except it’s route out to the internet. Don’t have it go to your router for DHCP set it up statically. Don’t have it go to your router for DNS, choose an external source.

The firewall rules for that network are allow outbound internet with return traffic, allow SSH and maybe VNC from your home network, then deny all.

The idea is that you assume the box is capable of getting infected. So you just make sure that the box can live safely in your network even if it is compromised.

The first worry are vectors around the Synology, It’s firmware, and network stack. Those devices are very closely scrutinized. Historically there have been many different vulnerabilities found and patched. Something like the log4j vulnerabilities back in the day where something just has to hit the logging system too hit you might open a hole in any of the other standard software packages there. And because the platform is so well known, once one vulnerability is found they already know what else exists by default and have plans for ways to attack it.

Vulnerabilities that COULD affect you in this case for few and far between but few and far between are how things happen.

The next concern you’re going to have are going to be someone slipping you a mickey in a container image. By and large it’s a bunch of good people maintaining the container images. They’re including packages from other good people. But this also means that there is a hell of a lot of cooks in the kitchen, and distribution, and upstream.

To be perfectly honest, with everything on auto update, cloud flares built-in protections for DDOS and attacks, and the nature of what you’re trying to host, you’re probably safe enough. There’s no three letter government agency or elite hacker group specifically after you. You’re far more likely to accidentally trip upon a zero day email image filter /pdf vulnerability and get bot netted as you are someone successfully attacking your Argo tunnel.

That said, it’s always better to host in someone else’s backyard than your own. If I were really, really stuck on hosting in my house on my network, I probably stand up a dedicated box, maybe something as small as a pi 0. I’d make sure that I had a really decent router / firewall and slip that hosting device into an isolated network that’s not allowed to reach out to anything else on my network.

Assume at all times that the box is toxic waste and that is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don’t use it for DNS don’t use it for DHCP, Don’t allow You’re network users or devices to see ARP traffic from it.

Firewall drops everything between your home network and that box except SSH in, or maybe VNC in depending on your level of comfort.

Parsec also runs very well.

Same, I’ve been doing this for years. It’s just flawless.

For manual pi sync, You can go settings teleport, back up your container the plop into your pi and do a teleport import.

Actually yeah it is. In IPFS files under a certain size get cashed permanently. The size is pretty small I think it’s like 2K, but it’s enough that you really want to make sure you don’t accidentally share like your entire drive is a folder or something because a lot of it will stick around forever without anybody doing anything.

You have to disable authentication for certain ip’s / local networks. It’s not easy or straight forward, but it works.

Last time I had an outage, I was still watching from my roku and in the browser.

https://www.howtogeek.com/303282/how-to-use-plex-media-server-without-internet-access/

Trick is, it’s 4000% easier to set up when you’re on the internet.

You can insert some xml in places if you’re offline, but if you’re offline, knowing the places is incredibly difficult.

the hashes look like this

bafybeih3otruk3juwppyva2giufgtnll5tjqsk6mzmhjiksjkpbh434mae

IPFS is kind of like a torrent system, you generate the file, add it to something like ipfs desktop or brave browser, it injects the hash into the p2p system, they download it from you directly or any one else that has downloaded it.

It’s not for truly private things, it’s more like throwing it on an unlisted imgur. It’s also not possible to redact things so if you shove it out there, it might be out there forever.

Likely not any less private than imgur was.

That or an ipfs gateway

We know the data goes to Plex.

I would not bet you ANY amount of money they’d leave any stone unturned on data sales.

That’s why none of the stuff I sign up with them is using any of my usual credentials, they do have my ip though.

Jellyfin:

• Free
• Gets the job done
• Not in financial trouble
• No layoffs
• Not trying to sell you stuff
• Not selling your watch habbits
• Mainly develops features people want

Plex (paid):

• Decade of development with pretty solid pay features
• Easy sharing with friends and remote watching
• Decent clients for almost every device and more solid transcoding
• Fairly quick fixes for problems
• Great intro/credit/commercial skipping
• Only develops features that might make money
• In the middle of layoffs
• Centralized authentication makes is impossible to watch if offline or they’re offline unless you removed local authentication before it went offline.
• They sell your viewing habbits

Plex is super convenient and slimy

Jellyfin is pure and behind on features, clients and comforts.

The last time I was having problems with Plex and authentication I installed emby alongside it

Emby was a hell of a lot more responsive, Plex seemed to be more compatible with, well everything.

I use live TV and DVR so I think I might miss that on jellyfin